CLX is ready for GDPR

Trust and Security are our highest priority. We have gone above and beyond to create infrastructure and connectivity that guarantees GDPR compliance. Tier 1 connectivity is no longer a 'nice to have'.

Johan Hedberg

CEO, CLX Communications

What is GDPR?

GDPR (European General Data Protection Regulation) is a new set of regulations in force from the 25th May 2018. These rules have been created to strengthen and protect the personal data of European Union (EU) data subjects, and are designed to cover the rights of EU residents and citizens in terms of privacy, the protection of personal data, security of that data, and consumer consent in a world of increasing data flow between businesses and consumers across the world.

If you store and process data of anyone located in the EU or communicate with them then you are required to be GDPR compliant regardless of where you are based geographically.

GDPR updates and replaces the data protection laws currently in place, and is directly enforceable in each EU member state. GDPR will result in a lot of changes to the way that data is handled, tracked and stored for organizations in the EU.

Strong privacy, data protection and security are at the heart of our mission and as such we have been working diligently to prepare for the EU GDPR legislation and are fully compliant. We are committed to helping our customers be compliant with their Cloud Communications activities too.

What are we doing to ensure we are GDPR compliant?

Our Bespoke EEA Routing

Restricting File Storage

We are ensuring that log files are stored for the absolute minimum amount of time, after this time has passed, all data is anonymized.

Trained Support Teams

We have a team of GDPR trained support teams to ensure data does not leave the EEA whilst making its way through the support process.

Data Protection Agreements

We are encouraging all of our customers and suppliers to sign our Data Protection Agreement (DPAs).

Appointed a Data Protection Officer

We have appointed an internal Data Protection Officer to ensure we monitor and maintain GDPR compliance.

Infrastructure and Routing that guarantees data is kept in the EU

Although not strictly mandated by GDPR, we have created a European Economic Area (EEA) messaging infrastructure to help enterprises meet GDPR requirements, this will ensure the protection of personal data and message routing via our Tier 1 connections to EEA based Carriers and Operators.

This new API guarantees that message data will remain in the EEA by leveraging our vast Tier 1 Network. This will allow the creation of a GDPR specific routing class that ensures messages sent to consumers (Data Subjects) in the EU will only use mobile network operators located within the EU, without having to hand-off any data to third parties.

Some communication providers operate an architecture that could allow personal data to flow through countries outside the EEA, for many enterprises, particularly in the Government, Banking and Financial Services sectors, keeping data within the EEA block is the only way of guaranteeing messages fall within the GDPR requirements.

An Illustrated Guide to GDPR

This illustrated guide to GDPR from Teach Privacy is a handy reference tool to explain GDPR in simple terms. It lays out all the roles of those involved in complying with GDPR, as well as their responsibilities. It also explains the rights of consumers, or ‘data subjects’, whose data is being stored and processed by businesses offering goods or services within the EU.